Merge pull request #881 from feedly/threat-actors/add-camaro-dragon

[threat-actors] Add Camaro Dragon
2023-10-26 17:44:44 +02:00 · 2023-10-26 17:44:44 +02:00 · 555c45c139
parent c585caa4db dcde706078
commit 555c45c139
1 changed files with 12 additions and 0 deletions
--- a/clusters/threat-actor.json
+++ b/clusters/threat-actor.json
@ -12047,6 +12047,18 @@
      ],
      "uuid": "9766d52e-0e5d-4997-9c31-7f2291dcda9e",
      "value": "Void Rabisu"
+    },
+    {
+      "description": "In early 2023, the Check Point Incident Response Team (CPIRT) team investigated a malware incident at a European healthcare institution involving a set of tools mentioned in the Avast report in late 2022. The incident was attributed to Camaro Dragon, a Chinese-based espionage threat actor whose activities overlap with activities tracked by different researchers as Mustang Panda and LuminousMoth, whose focus is primarily on Southeast Asian countries and their close peers.",
+      "meta": {
+        "country": "CN",
+        "references": [
+          "https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/",
+          "https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/"
+        ]
+      },
+      "uuid": "9ee446fd-b0cd-4662-9cd1-a60b429192db",
+      "value": "Camaro Dragon"
    }
  ],
  "version": 287